Details of VAR-202110-0436

ID

VAR-202110-0436

CVE

CVE-2021-31375

TITLE

Juniper Networks Junos OS Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202110-943

DESCRIPTION

An Improper Input Validation vulnerability in routing process daemon (RPD) of Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI), allows an attacker to send a specific BGP update which may cause RPKI policy-checks to be bypassed. This, in turn, may allow a spoofed advertisement to be accepted or propagated. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S18; 15.1 versions prior to 15.1R7-S9; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R2

Trust: 1.08

sources: NVD: CVE-2021-31375 // VULHUB: VHN-391123 // VULMON: CVE-2021-31375

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	17.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	17.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	15.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	12.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	17.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.3	Trust: 1.0

sources: NVD: CVE-2021-31375

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-31375
value:	MEDIUM
Trust: 1.0
sirt@juniper.net:	CVE-2021-31375
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202110-943
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-391123
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-31375
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-31375
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-391123
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-31375
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
sirt@juniper.net:	CVE-2021-31375
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	2.7
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-391123 // VULMON: CVE-2021-31375 // CNNVD: CNNVD-202110-943 // NVD: CVE-2021-31375 // NVD: CVE-2021-31375

PROBLEMTYPE DATA

problemtype:	CWE-358	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-20	Trust: 1.0

sources: NVD: CVE-2021-31375

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-943

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-943

PATCH

title:	Juniper Networks Junos OS Enter the fix for the verification error vulnerability	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=167814	Trust: 0.6
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2021-31375	Trust: 0.1

sources: VULMON: CVE-2021-31375 // CNNVD: CNNVD-202110-943

EXTERNAL IDS

db:	JUNIPER	id:	JSA11240	Trust: 1.8
db:	NVD	id:	CVE-2021-31375	Trust: 1.8
db:	CNNVD	id:	CNNVD-202110-943	Trust: 0.6
db:	VULHUB	id:	VHN-391123	Trust: 0.1
db:	VULMON	id:	CVE-2021-31375	Trust: 0.1

sources: VULHUB: VHN-391123 // VULMON: CVE-2021-31375 // CNNVD: CNNVD-202110-943 // NVD: CVE-2021-31375

REFERENCES

url:	https://kb.juniper.net/jsa11240	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-31375	Trust: 0.6
url:	https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-36656	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2021-31375	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-391123 // VULMON: CVE-2021-31375 // CNNVD: CNNVD-202110-943 // NVD: CVE-2021-31375

SOURCES

db:	VULHUB	id:	VHN-391123
db:	VULMON	id:	CVE-2021-31375
db:	CNNVD	id:	CNNVD-202110-943
db:	NVD	id:	CVE-2021-31375

LAST UPDATE DATE

2024-08-14T14:50:06.239000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-391123	date:	2022-10-27T00:00:00
db:	VULMON	id:	CVE-2021-31375	date:	2022-10-27T00:00:00
db:	CNNVD	id:	CNNVD-202110-943	date:	2022-10-28T00:00:00
db:	NVD	id:	CVE-2021-31375	date:	2022-10-27T16:33:57.770

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-391123	date:	2021-10-19T00:00:00
db:	VULMON	id:	CVE-2021-31375	date:	2021-10-19T00:00:00
db:	CNNVD	id:	CNNVD-202110-943	date:	2021-10-13T00:00:00
db:	NVD	id:	CVE-2021-31375	date:	2021-10-19T19:15:10.707